Skip to content

Commit

Permalink
Merge pull request #372 from hotwax/104-soc2-fixes
Browse files Browse the repository at this point in the history
Improved: Added X-Frame-Options, CSP, strict-transport-security and Permissions-Policy headers in firebase config in context of soc2 compliance (#104).
  • Loading branch information
ravilodhi authored Nov 25, 2024
2 parents 4ed055e + 1304824 commit 92548d8
Showing 1 changed file with 57 additions and 5 deletions.
62 changes: 57 additions & 5 deletions firebase.json
Original file line number Diff line number Diff line change
Expand Up @@ -11,8 +11,25 @@
"rewrites": [ {
"source": "**",
"destination": "/index.html"
} ]

} ],
"headers": [ {
"source": "**",
"headers": [ {
"key": "X-Frame-Options",
"value": "SAMEORIGIN"
},
{
"key": "Content-Security-Policy",
"value": "default-src 'self';font-src 'self' data: *;script-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com;img-src 'self' 'unsafe-inline' *.shopify.com javascript: ;style-src 'self' 'unsafe-inline' *; connect-src 'self' *"
},
{
"key": "strict-transport-security",
"value": "max-age=31536000; includeSubDomains"
},{
"key": "Permissions-Policy",
"value": "camera=self"
} ]
}]
},
{
"target": "dev",
Expand All @@ -25,8 +42,25 @@
"rewrites": [ {
"source": "**",
"destination": "/index.html"
} ]

} ],
"headers": [ {
"source": "**",
"headers": [ {
"key": "X-Frame-Options",
"value": "SAMEORIGIN"
},
{
"key": "Content-Security-Policy",
"value": "default-src 'self';font-src 'self' data: *;script-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com;img-src 'self' 'unsafe-inline' *.shopify.com javascript: ;style-src 'self' 'unsafe-inline' *; connect-src 'self' *"
},
{
"key": "strict-transport-security",
"value": "max-age=31536000; includeSubDomains"
},{
"key": "Permissions-Policy",
"value": "camera=self"
} ]
}]
},
{
"target": "uat",
Expand All @@ -39,7 +73,25 @@
"rewrites": [ {
"source": "**",
"destination": "/index.html"
} ]
} ],
"headers": [ {
"source": "**",
"headers": [ {
"key": "X-Frame-Options",
"value": "SAMEORIGIN"
},
{
"key": "Content-Security-Policy",
"value": "default-src 'self';font-src 'self' data: *;script-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com;img-src 'self' 'unsafe-inline' *.shopify.com javascript: ;style-src 'self' 'unsafe-inline' *; connect-src 'self' *"
},
{
"key": "strict-transport-security",
"value": "max-age=31536000; includeSubDomains"
},{
"key": "Permissions-Policy",
"value": "camera=self"
} ]
}]
}
]
}

0 comments on commit 92548d8

Please sign in to comment.